Conventional computing devices typically include one to many conventional types of input/output (I/O) ports for communicating with connectable external devices such as mice, keyboards, wireless modems, etc. Such computing devices further include one or more internal connections between a host processor (e.g. CPU) with internal devices such as storage devices (e.g. SATA/SAS drives). In conventional devices, these internal and external communications are rarely secured.
With respect to I/O ports, for example, Universal Serial Bus (USB) is a standard communication protocol between a host computer and peripheral devices. However, USB does not provide any level of security for the data transmitted from the peripheral devices to the host system. This poses a huge risk for enterprises, and more particularly, IT administrators who are responsible for securing their IT systems and devices.
USB is inherently not secure for several reasons. One reason is that USB data is sent in plain text. The data can be captured and analyzed by any USB protocol analyzer or software application. Another reason is that any USB peripheral is capable of connecting to a host computer since USB specification doesn't provide any means to filter unwanted or potentially harmful devices.
Relatedly, when confronted with many different types of internal and external interfaces and computing devices, managing the security of communications among all of them can be a challenge.